From 984628cbbc79f3686178642ece565fdc73302515 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch" <dustin@hatch.name>
Date: Sun, 8 Apr 2018 10:50:51 -0500
Subject: [PATCH] roles/samba-dc: Fix typo in host principal name

The service principal name added to `/etc/krb5.keytab` had a trailing
`}` character because of a typo in the Ansible task. This resulted in
GSSAPI authentication failing because server processes could not find
the host key in the key table.
---
 roles/samba-dc/tasks/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/samba-dc/tasks/main.yml b/roles/samba-dc/tasks/main.yml
index 495ee09..4bbf9a7 100644
--- a/roles/samba-dc/tasks/main.yml
+++ b/roles/samba-dc/tasks/main.yml
@@ -89,5 +89,5 @@
 - name: ensure host keytab exists
   command: >-
     samba-tool domain exportkeytab /etc/krb5.keytab
-    --principal=host/{{ ansible_fqdn }}}
+    --principal=host/{{ ansible_fqdn }}
     creates=/etc/krb5.keytab